trojanhorse



#1 albert6

Posted 16 February 2009 - 11:46 AM

Have trojan horse
lost sound
slow computer


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/8/2005 8:37:39 AM
System Uptime: 2/16/2009 10:37:34 AM (1 hours ago)

Motherboard: MICRO-STAR INC. | | MS-6728
Processor: Intel® Pentium® 4 CPU 2.80GHz | FC-478 | 2800/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 77 GiB total, 6.917 GiB free.
D: is FIXED (NTFS) - 190 GiB total, 65.429 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (NTFS) - 37 GiB total, 25.846 GiB free.
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1149: 12/4/2008 3:00:18 AM - Software Distribution Service 3.0
RP1150: 12/5/2008 3:00:19 AM - Software Distribution Service 3.0
RP1151: 12/6/2008 3:00:19 AM - Software Distribution Service 3.0
RP1152: 12/7/2008 3:00:19 AM - Software Distribution Service 3.0
RP1153: 12/8/2008 3:00:19 AM - Software Distribution Service 3.0
RP1154: 12/9/2008 3:00:19 AM - Software Distribution Service 3.0
RP1155: 12/10/2008 3:00:22 AM - Software Distribution Service 3.0
RP1156: 12/11/2008 3:00:19 AM - Software Distribution Service 3.0
RP1157: 12/12/2008 3:00:18 AM - Software Distribution Service 3.0
RP1158: 12/13/2008 3:00:18 AM - Software Distribution Service 3.0
RP1159: 12/14/2008 3:00:17 AM - Software Distribution Service 3.0
RP1160: 12/15/2008 3:00:17 AM - Software Distribution Service 3.0
RP1161: 12/16/2008 3:00:17 AM - Software Distribution Service 3.0
RP1162: 12/17/2008 3:00:20 AM - Software Distribution Service 3.0
RP1163: 12/18/2008 3:00:20 AM - Software Distribution Service 3.0
RP1164: 12/19/2008 3:00:20 AM - Software Distribution Service 3.0
RP1165: 12/20/2008 3:00:20 AM - Software Distribution Service 3.0
RP1166: 12/21/2008 3:00:19 AM - Software Distribution Service 3.0
RP1167: 12/21/2008 1:23:44 PM - Software Distribution Service 3.0
RP1168: 12/22/2008 1:46:05 PM - System Checkpoint
RP1169: 12/23/2008 3:00:19 AM - Software Distribution Service 3.0
RP1170: 12/24/2008 3:00:19 AM - Software Distribution Service 3.0
RP1171: 12/25/2008 3:00:19 AM - Software Distribution Service 3.0
RP1172: 12/26/2008 3:00:19 AM - Software Distribution Service 3.0
RP1173: 12/27/2008 3:00:19 AM - Software Distribution Service 3.0
RP1174: 12/28/2008 3:00:19 AM - Software Distribution Service 3.0
RP1175: 12/28/2008 1:32:11 PM - Software Distribution Service 3.0
RP1176: 12/30/2008 6:27:23 AM - System Checkpoint
RP1177: 12/31/2008 3:00:23 AM - Software Distribution Service 3.0
RP1178: 1/1/2009 3:00:19 AM - Software Distribution Service 3.0
RP1179: 1/2/2009 3:00:19 AM - Software Distribution Service 3.0
RP1180: 1/3/2009 3:00:19 AM - Software Distribution Service 3.0
RP1181: 1/3/2009 11:42:23 AM - Removed AIA Contract Documents 3.5
RP1182: 1/4/2009 3:00:19 AM - Software Distribution Service 3.0
RP1183: 1/4/2009 2:46:46 PM - Software Distribution Service 3.0
RP1184: 1/16/2009 6:10:33 PM - Installed Ad-Aware
RP1185: 1/17/2009 3:00:23 AM - Software Distribution Service 3.0
RP1186: 1/17/2009 5:13:23 PM - Installed Print Creations
RP1187: 1/17/2009 5:14:36 PM - Installed Connect Service
RP1188: 1/17/2009 5:15:03 PM - Installed MediaImpression
RP1189: 1/17/2009 5:16:06 PM - Installed RAW Thumbnail Viewer
RP1190: 1/17/2009 5:16:35 PM - Installed Video Downloader
RP1191: 1/17/2009 5:17:56 PM - Installed PhotoStudio Darkroom
RP1192: 1/18/2009 3:00:20 AM - Software Distribution Service 3.0
RP1193: 1/18/2009 12:43:39 PM - Software Distribution Service 3.0
RP1194: 1/18/2009 12:53:46 PM - Removed MediaImpression
RP1195: 1/18/2009 12:57:27 PM - Software Distribution Service 3.0
RP1196: 1/18/2009 12:59:51 PM - Configured Print Creations
RP1197: 1/18/2009 1:01:25 PM - Configured Print Creations
RP1198: 1/18/2009 1:01:55 PM - Configured Print Creations
RP1199: 1/18/2009 1:04:17 PM - Removed PhotoStudio Darkroom
RP1200: 1/18/2009 1:04:43 PM - Removed Print Creations
RP1201: 1/18/2009 1:05:27 PM - Removed RAW Thumbnail Viewer
RP1202: 1/19/2009 3:00:21 AM - Software Distribution Service 3.0
RP1203: 1/20/2009 3:00:20 AM - Software Distribution Service 3.0
RP1204: 1/21/2009 3:00:20 AM - Software Distribution Service 3.0
RP1205: 1/22/2009 3:00:18 AM - Software Distribution Service 3.0
RP1206: 1/22/2009 12:39:07 PM - Removed Video Downloader
RP1207: 1/23/2009 3:00:19 AM - Software Distribution Service 3.0
RP1208: 1/24/2009 3:00:19 AM - Software Distribution Service 3.0
RP1209: 1/24/2009 7:42:15 AM - Software Distribution Service 3.0
RP1210: 1/30/2009 8:58:53 AM - System Checkpoint
RP1211: 1/31/2009 3:00:19 AM - Software Distribution Service 3.0
RP1212: 2/1/2009 3:00:19 AM - Software Distribution Service 3.0
RP1213: 2/2/2009 3:00:19 AM - Software Distribution Service 3.0
RP1214: 2/3/2009 3:00:19 AM - Software Distribution Service 3.0
RP1215: 2/4/2009 3:00:19 AM - Software Distribution Service 3.0
RP1216: 2/5/2009 3:00:18 AM - Software Distribution Service 3.0
RP1217: 2/5/2009 5:22:46 PM - Software Distribution Service 3.0
RP1218: 2/7/2009 3:00:20 AM - Software Distribution Service 3.0
RP1219: 2/8/2009 3:00:19 AM - Software Distribution Service 3.0
RP1220: 2/9/2009 3:00:23 AM - Software Distribution Service 3.0
RP1221: 2/9/2009 1:45:49 PM - Software Distribution Service 3.0
RP1222: 2/9/2009 2:55:06 PM - Removed GhostFill 5
RP1223: 2/9/2009 3:52:29 PM - Installed Windows Defender
RP1224: 2/9/2009 3:54:00 PM - Software Distribution Service 3.0
RP1225: 2/9/2009 4:15:08 PM - Removed Ad-Aware
RP1226: 2/9/2009 4:16:04 PM - Removed J2SE Runtime Environment 5.0 Update 6
RP1227: 2/9/2009 4:19:36 PM - Removed TuneUp Utilities 2006
RP1228: 2/9/2009 4:25:37 PM - Windows Defender Checkpoint
RP1229: 2/9/2009 4:36:08 PM - Windows Defender Checkpoint
RP1230: 2/9/2009 4:40:38 PM - Windows Defender Checkpoint
RP1231: 2/10/2009 3:00:36 AM - Software Distribution Service 3.0
RP1232: 2/10/2009 4:06:42 AM - Windows Defender Checkpoint
RP1233: 2/11/2009 3:00:44 AM - Software Distribution Service 3.0
RP1234: 2/12/2009 3:00:26 AM - Software Distribution Service 3.0
RP1235: 2/12/2009 11:20:07 AM - Installed Driver Detective
RP1236: 2/13/2009 1:41:03 AM - Software Distribution Service 3.0
RP1237: 2/13/2009 3:00:30 AM - Software Distribution Service 3.0
RP1238: 2/13/2009 3:45:34 AM - Windows Defender Checkpoint
RP1239: 2/14/2009 3:00:33 AM - Software Distribution Service 3.0
RP1240: 2/15/2009 3:00:32 AM - Software Distribution Service 3.0
RP1241: 2/15/2009 3:43:09 AM - Windows Defender Checkpoint
RP1242: 2/15/2009 3:27:22 PM - Configured Driver Detective
RP1243: 2/15/2009 3:34:58 PM - Configured Driver Detective
RP1244: 2/15/2009 3:59:31 PM - Rollback to an unsigned driver
RP1245: 2/15/2009 4:00:06 PM - Rollback to an unsigned driver
RP1246: 2/15/2009 4:06:21 PM - Software Distribution Service 3.0
RP1247: 2/15/2009 4:34:39 PM - Installed Windows NLSDownlevelMapping.
RP1248: 2/15/2009 4:35:06 PM - Installed Windows IDNMitigationAPIs.
RP1249: 2/15/2009 4:35:21 PM - Installed Windows Internet Explorer 7.
RP1250: 2/15/2009 6:15:52 PM - Installed Realtek AC'97 Audio
RP1251: 2/15/2009 6:58:35 PM - Software Distribution Service 3.0
RP1252: 2/16/2009 9:49:52 AM - Installed Driver Detective
RP1253: 2/16/2009 10:15:37 AM - Avira AntiVir Personal - 2/16/2009 10:15
RP1254: 2/16/2009 10:21:18 AM - Installed AVG Free 8.0
RP1255: 2/16/2009 10:35:40 AM - Software Distribution Service 3.0
RP1256: 2/16/2009 10:47:13 AM - Installed Platform

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Photoshop Elements 2.0
Adobe Reader 7.0.8
Advanced Searchbar for Windows
ArcSoft Greeting Card Creator
Ashampoo WinOptimizer 6.10
AutoUpdate
AVG Free 8.0
C-Media 3D Audio
C-Media WDM Audio Driver
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 2.2
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CleanCache 3.2
Cypress USB Mass Storage Driver Installation
DesignPro 5.0 Limited Edition
DivX
Driver Detective
Driver Updater Pro
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD Solution
EPSON CardMonitor
EPSON PhotoStarter3.0
EPSON Print CD
EPSON Printer Software
EPSON SPR300 Reference Guide
Film Factory
Free WMA to MP3 Converter 1.16
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
InCD EasyWrite Reader
Intel® PRO Network Adapters and Drivers
LightScribe 1.4.52.1
LimeWire 4.16.6
Macromedia Shockwave Player
Magic Audio Editor Pro v10.0.3
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Document Explorer 2005
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office FrontPage 2003
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Visio Professional 2003
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Music Wizard Professional 7.2.0
NVIDIA Drivers
NVIDIA Windows 95/98/ME/2000/XP Stereo Drivers
Optimum Online net guide
PhotoImpression
Power Mixer 2.5
PowerDVD
PowerProducer
QuickBooks Premier: Contractor Edition 2004
QuickTime
RealPlayer
Realtek AC'97 Audio
Registry Mechanic 5.2
Roxio Content 8
Roxio Easy Media Creator 7
Roxio Easy Media Creator 8 Deluxe Suite
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Smart Keyboard
SureThing CD Labeler Deluxe 4
SureThing Holiday Labeler
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
USB Storage Adapter FX (SM1)
WebFldrs XP
Window Washer 5
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 7
Windows Media Format Runtime
Windows XP Service Pack 3
WMIinfo
XoftSpy

==== Event Viewer Messages From Past Week ========

2/11/2009 3:04:16 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Office 2003 (KB907417).
2/11/2009 3:04:05 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2003 Junk Email Filter (KB959614).
2/11/2009 3:03:48 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Office 2003 Service Pack 3 (SP3).
2/11/2009 12:54:49 AM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
2/10/2009 3:03:32 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2003 Junk Email Filter (KB959140).
2/9/2009 6:19:25 PM, error: Dhcp [1002] - The IP address lease 10.0.1.198 for the Network Card with network address 000F667465DB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
2/9/2009 4:36:32 PM, error: WinDefend [3006] - Windows Defender Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=370...threatid=124276 Scan ID: {B8634E04-3B7B-4A1C-AEB7-DE609D4F88C8} User: AL-R99392VTT22R\Al Karseboom Name: Trojan:Win32/Vundo.BR ID: 124276 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
2/9/2009 4:25:37 PM, error: WinDefend [3006] - Windows Defender Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=370...threatid=124276 Scan ID: {C19D6C8E-BBC7-48D7-B449-1667D375866A} User: AL-R99392VTT22R\Al Karseboom Name: Trojan:Win32/Vundo.BR ID: 124276 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
2/12/2009 12:22:36 AM, error: Dhcp [1002] - The IP address lease 192.168.100.11 for the Network Card with network address 000E5C121EEF has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
2/12/2009 11:01:57 AM, error: Service Control Manager [7000] - The NTACCESS service failed to start due to the following error: The device is not ready.
2/12/2009 11:03:07 AM, error: PlugPlayManager [11] - The device Root\LEGACY_SETUPNTGLM7X\0000 disappeared from the system without first being prepared for removal.
2/12/2009 11:20:42 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
2/12/2009 11:20:42 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
2/12/2009 11:20:42 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.DirectX.dll. Reference error message: The operation completed successfully. .
2/13/2009 3:45:35 AM, error: WinDefend [1008] - Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=370...threatid=124276 Scan ID: {747E9722-B88D-44A1-8ABE-941930E7BAB5} Scan Type: AntiMalware User: NT AUTHORITY\NETWORK SERVICE Name: Trojan:Win32/Vundo.BR ID: 124276 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
2/14/2009 3:43:13 AM, error: WinDefend [1008] - Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=370...threatid=124276 Scan ID: {80C9C236-5320-4A97-A021-2E4428DF3DE1} Scan Type: AntiMalware User: NT AUTHORITY\NETWORK SERVICE Name: Trojan:Win32/Vundo.BR ID: 124276 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
2/15/2009 3:43:09 AM, error: WinDefend [1008] - Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=370...threatid=124276 Scan ID: {9C69E529-A4AA-406E-BF1C-14EEBF8A9A30} Scan Type: AntiMalware User: NT AUTHORITY\NETWORK SERVICE Name: Trojan:Win32/Vundo.BR ID: 124276 Severity: Severe Category: Trojan Path: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
2/15/2009 3:56:17 PM, error: PlugPlayManager [11] - The device Root\LEGACY_MEMCTL\0000 disappeared from the system without first being prepared for removal.

==== End Of File ===========================


DDS (Ver_09-02-01.01) - NTFSx86
Run by Al Karseboom at 11:33:49.23 on Mon 02/16/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1355 [GMT -5:00]

AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Outdated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning disabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Al Karseboom\Desktop\dds.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.optonline.net/home
uSearch Page =
uDefault_Page_URL = hxxp://www.optonline.net
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://ie.search.msn.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Advanced Searchbar: {cdeec43d-3572-4e95-a2a5-f519d29f00c0} - c:\progra~1\advanc~1\ADVANC~1.DLL
TB: Advanced Searchbar: {57f02779-3d88-4958-8ad3-83c12d86adc7} - c:\program files\advancedsearchbar\advancedsearchbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [A00F4A87C5.exe] c:\docume~1\alkars~1\locals~1\temp\_A00F4A87C5.exe
uRun: [A00F9C046.exe] c:\docume~1\alkars~1\locals~1\temp\_A00F9C046.exe
uRun: [Power Mixer] "c:\program files\power mixer\pwmixer.exe" /m
uRun: [A00F5110E.exe] c:\docume~1\alkars~1\locals~1\temp\_A00F5110E.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [SW20] c:\windows\system32\sw20.exe
mRun: [SW24] c:\windows\system32\sw24.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Ifufavalegacudez] rundll32.exe "c:\windows\ohusidub.dll",e
mRun: [Vcogivumej] rundll32.exe "c:\windows\Slozulufujufu.dll",e
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: E&xport to Microsoft Excel - g:\progra~1\office12\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - d:\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {57F02779-3D88-4958-8AD3-83C12D86ADC7} - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - c:\program files\advancedsearchbar\advancedsearchbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - g:\progra~1\office11\REFIEBAR.DLL
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab
DPF: {4E330863-6A11-11D0-BFD8-006097237877} - hxxp://tw.msi.com.tw/autobios/client/iftwclix.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129764805328
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147083064078
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: f08d514a530 - c:\windows\system32\clusapi32.dll
Notify: __c001ADE6 - c:\windows\system32\__c001ADE6.dat
Notify: __c0030D7F - c:\windows\system32\__c0030D7F.dat
Notify: __c006F1F0 - c:\windows\system32\__c006F1F0.dat
Notify: __c008676 - c:\windows\system32\__c008676.dat
Notify: __c00CB4E9 - c:\windows\system32\__c00CB4E9.dat
AppInit_DLLs: c:\windows\system32\clusapi32.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\windows defender\MpShHook.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-16 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-16 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-16 107272]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [2005-10-19 6656]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-16 298264]
R2 nhksrv;Netropa NHK Server;c:\program files\netropa\multimedia keyboard\nhksrv.exe [2005-10-19 28672]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S1 acfazrfn;acfazrfn;\??\c:\windows\system32\drivers\acfazrfn.sys --> c:\windows\system32\drivers\acfazrfn.sys [?]
S1 afuaopcr;afuaopcr;\??\c:\windows\system32\drivers\afuaopcr.sys --> c:\windows\system32\drivers\afuaopcr.sys [?]
S1 owxyewop;owxyewop;\??\c:\windows\system32\drivers\owxyewop.sys --> c:\windows\system32\drivers\owxyewop.sys [?]
S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 6\DfSdkS.exe [2009-1-16 410976]
S3 FILEMON;FILEMON;\??\c:\windows\system32\drivers\filem.sys --> c:\windows\system32\drivers\FILEM.SYS [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2009-02-16 11:06 <DIR> --d----- c:\program files\Trend Micro
2009-02-16 10:46 <DIR> --d----- c:\program files\VIA
2009-02-16 10:25 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-02-16 10:22 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-16 10:22 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-16 10:22 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-16 10:21 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-02-16 10:21 <DIR> --d----- c:\program files\AVG
2009-02-16 10:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-02-16 09:50 <DIR> --d----- c:\program files\PC Drivers HeadQuarters
2009-02-16 09:46 24,576 a------- c:\windows\system32\__c009B539.dat
2009-02-15 18:55 <DIR> --d----- c:\program files\Power Mixer
2009-02-15 18:55 <DIR> --d----- c:\docume~1\alkars~1\applic~1\Power Mixer
2009-02-15 18:53 <DIR> --d----- c:\program files\common files\xing shared
2009-02-15 18:46 24,576 a------- c:\windows\system32\__c0028321.dat
2009-02-15 18:16 49,152 a------- c:\windows\system32\ChCfg.exe
2009-02-15 18:16 <DIR> --d----- c:\program files\Realtek AC97
2009-02-15 18:15 10,528,768 a------- c:\windows\system32\RTLCPL.exe
2009-02-15 18:15 147,456 a------- c:\windows\system32\RtlCPAPI.dll
2009-02-15 18:15 315,392 a------- c:\windows\alcupd.exe
2009-02-15 18:15 217,088 a------- c:\windows\Alcrmv.exe
2009-02-15 18:05 24,576 a------- c:\windows\system32\__c00CB4E9.dat
2009-02-15 16:33 <DIR> --d----- c:\windows\system32\MpEngineStore
2009-02-15 15:38 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{4439F0FD-AFAF-434D-86E2-DEB14A9C58AC}
2009-02-15 15:38 <DIR> --d----- c:\program files\iXi Tools
2009-02-15 15:33 <DIR> --d----- c:\docume~1\alkars~1\applic~1\DriverCure
2009-02-15 15:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic
2009-02-15 15:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DriverCure
2009-02-15 15:24 134,144 a------- c:\windows\ohusidub.dll
2009-02-15 15:13 24,576 a------- c:\windows\system32\__c00BEE40.dat
2009-02-15 15:12 41,984 a------- c:\windows\Slozulufujufu.dll
2009-02-12 11:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-02-09 15:16 <DIR> --d----- c:\program files\Optimum Online
2009-02-09 13:11 105 a------- C:\xcrashdump.dat
2009-02-08 10:10 9,446 a------- c:\windows\GnuHashes.ini
2009-02-08 10:03 1,464 a--sh--- c:\windows\system32\GroupPolicy000.dat
2009-02-08 10:03 <DIR> --dsh--- c:\windows\system32\LocalService32
2009-02-08 10:03 374,272 a--sh--- c:\windows\system32\83.tmp
2009-02-08 10:03 135,168 a------- c:\windows\system32\clusapi32.dll
2009-01-17 17:27 9,662 a------- c:\windows\EPISME00.SWB
2009-01-17 17:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ArcSoft

==================== Find3M ====================

2009-02-09 15:15 458,752 a------- C:\Dist32.dll
2009-02-09 15:15 344,064 a------- C:\Yampa.exe
2009-02-09 15:15 135,168 a------- C:\DHCPD.exe
2009-02-09 15:15 790,528 a------- C:\setup32.exe
2009-02-09 15:15 45,056 a------- C:\NetUtils.dll
2009-01-09 11:46 39,776 a------- c:\windows\system32\DfSdkBt64.exe
2009-01-09 11:46 33,632 a------- c:\windows\system32\DfSdkBt.exe
2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll
2008-11-24 15:01 249,856 a------- c:\windows\system32\pdfmona.dll
2008-11-24 15:01 51,716 a------- c:\windows\system32\pdf995mon.dll
2005-11-02 19:05 774,144 a------- c:\program files\RngInterstitial.dll
2004-03-11 12:27 40,960 a------- c:\program files\Uninstall_CDS.exe
2003-08-27 13:19 36,963 ac---r-- c:\program files\common files\SM1updtr.dll
2008-08-30 08:47 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008083020080831\index.dat

============= FINISH: 11:34:47.95 ===============

#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:02:05 PM

Posted 27 February 2009 - 06:37 PM

Hello albert6,


Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61


Posted 08 March 2009 - 04:52 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



